New Salesforce White Paper Tackles LLM Security Risks
May 3, 2024 — Salesforce has released a comprehensive white paper that details emerging threats posed by Large Language Models (LLMs) and offers actionable strategies for organizations to fortify their defenses.
The age of AI has ushered in a new wave of security concerns that not only threaten the potential exploitation of sensitive data, but also the overall integrity and trust of the technology. LLMs can be hacked, giving threat actors access to proprietary information, or manipulated to produce harmful content.
As businesses grapple with how to deploy generative AI, whose models often use pre-trained LLMs to create content from text prompts, they must use trust-based strategies to protect themselves. The Salesforce white paper outlines some of the most pressing emerging threats to LLMs and how organizations can protect themselves:
- Prompt injections: Bad actors can manipulate an LLM through malicious insertions within prompts and cause the LLM to act as a “confused deputy” for the attacker. Safeguarding against these threats involves a two-pronged strategy – using machine learning defense strategies to intelligently detect and prevent malicious insertions, and using heuristic, learning-based strategies to safeguard against potential threats to prompts, such as deny list-based filtering and instruction defense.
- Training data poisoning: Attackers can manipulate training data or fine-tuning procedures of an LLM. Companies can protect against this by checking that training data inputted does not contain poisoned information, such as malicious code payloads, which could compromise the model’s security and effectiveness, or lead to privacy violations and other security breaches.
- Supply chain vulnerabilities: Vulnerabilities can affect the entire application lifestyle, including traditional third-party libraries/packages, docker containers, base images, and service suppliers. Organizations can guard against these by ensuring that every part of the lifestyle meets the company’s established security standards. And, they must ensure all components pass the company’s internal security review process before they are incorporated into products.
- Model theft: Only authenticated and authorized clients should be able to access a company’s LLM. This prevents actors from compromising, physically stealing, and copying proprietary models. Businesses can also adopt measures such as requiring Just in Time (JIT) credentials, Multi-Factor Authentication (MFA), strong audit trails, and logging to prevent model theft.
- Safe training grounds: Companies should hold the training environments — controlled settings where AI systems can learn and improve their capabilities — to the same security standards as the data environment itself. This is especially important as companies increasingly view training environments as a development environment and treat them with less security.
“As generative AI and its many capabilities rapidly evolve, it’s crucial for organizations to stay ahead of potential security risks that the deployment of LLMs can bring to the forefront,” said Sri Srinivasan, Senior Director of Information Security at Salesforce. “With more than a decade of expertise in AI, and with trust as our number one value, Salesforce has both the expertise and commitment to provide our customers, partners, and the entire ecosystem with the tools and resources needed to navigate the changing landscape and mitigate risks.”
View the comprehensive white paper here.
About Salesforce
Salesforce empowers companies of every size and industry to connect with their customers through the power of data + AI + CRM + trust. For more information about Salesforce (NYSE: CRM), visit: www.salesforce.com.
Source: Salesforce